Overview

overview

7

Static

static

3

983d67d043...fc.exe

windows7-x64

7

983d67d043...fc.exe

windows10-1703-x64

3

983d67d043...fc.exe

windows10-2004-x64

3

Resubmissions

26/11/2023, 07:00

231126-hs2q9afc83 7

22/11/2023, 15:11

231122-skwv5sdc47 7

Analysis

  • max time kernel
    141s
  • max time network
    153s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231020-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
  • submitted
    26/11/2023, 07:00

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    983d67d04388730ba628b27784a602d7e62f0e4089dee0332606bc9273063cfc.exe

  • Size

    3.1MB

  • MD5

    79478b5b07ac98ab3e74e1cf14d2cc83

  • SHA1

    f3d6a96125e47e7b671139047828c5987e144d2d

  • SHA256

    983d67d04388730ba628b27784a602d7e62f0e4089dee0332606bc9273063cfc

  • SHA512

    8cb740017d3b725e51340b7517980f8eeee8ebdb0d3abe3f61b2083d36fbdf8b53959f2df8793f09598e51348cf4a67daecfcbe700ffb662969adce5e5f5a9c7

  • SSDEEP

    49152:QSG332u2RwEAvtt/JTof30WCT7sQ+rGQ:xG332uhEA985GQ

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Modifies registry class 30 IoCs
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\983d67d04388730ba628b27784a602d7e62f0e4089dee0332606bc9273063cfc.exe
    "C:\Users\Admin\AppData\Local\Temp\983d67d04388730ba628b27784a602d7e62f0e4089dee0332606bc9273063cfc.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of WriteProcessMemory
    PID:4120
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      2⤵
        PID:2120
      • C:\Windows\hh.exe
        C:\Windows\hh.exe C:\Users\Public\Music\ka4XOH
        2⤵
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:1828

    Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\ProgramData\7N6Q6Q\DWGWF_c.exe
            Filesize

            13.1MB

            MD5

            b9cc4082b3d835bdf60f54d187cfc81e

            SHA1

            c0354fc04bcd27dd79aa5019a99654b7600c8388

            SHA256

            4b4fc187a3503f68fbeb540865b21d77e98bc8e83a155c8d5e725fe24eaa1910

            SHA512

            932064375ed1dfab06193b413b9400cf0ad83b3e3feb307e0f7ea8c5d1003577dbd2cb30e51fc32860f995085062fc77365ad6976513788e71c28d10d11b6ce7

            Download Submit

          • C:\Users\Admin\AppData\Roaming\0K30J\Embarcaderophi.lnk
            Filesize

            797B

            MD5

            af9ff765ed8cbfa8230453d158eb1d99

            SHA1

            12b0f420f360c01475e7e0dff387e2382f842991

            SHA256

            d8b4c13435fe1fc4c484c0615a24f453b39c6f904e1ea038864b47e85507ec05

            SHA512

            17dde7bc37c7f114349978e72ccb9297d52e712b609c6071838f6631469b4c342193fbc0b6481253a535481f8624537c299bf74f2ad6827732844ff990c10979

            Download Submit

          • C:\Users\Admin\AppData\Roaming\0K30J\yfVP.exe
            Filesize

            105KB

            MD5

            6b8ebc942fe392c669b0b21bc8f83a03

            SHA1

            18fb9645a7365ae17b8386e47bec0b5ba6f5122f

            SHA256

            e5a35deff01c93f658ab8c4192570ad9ae5ffaa4f5f6d1b4db99f176bf5bdbe7

            SHA512

            0953d528c5d07b22fa0a969c98d569cf68e58450e1fc0179ddb2068cb4c429d23044a71005fd0daebe7e0c896c5a7598c5329e4c040be9099dfb1e62a2686589

            Download Submit

          • C:\Users\Public\Music\ka4XOH\d7XQKA.url
            Filesize

            67B

            MD5

            d278abedcbaa39d82de2392b3ba0dd1a

            SHA1

            1e0fbff21a806bccf12a9c7d1b73085db6a99ceb

            SHA256

            99db4049e4039bb3dc5e3504828525a5ed0e7b5eb8a98b23c222728cfab7a549

            SHA512

            744e16a865834c8d8f74a208b1fdc5e52840714562e7b90ef5f5cc31f804a84c64478f2b4e4b82fd41407845a02bfe6905c8a58cad521999038ef239b48fa15c

            Download Submit

          • C:\Users\Public\Q6P6P9
            Filesize

            14.3MB

            MD5

            fa8e77c7e449aee331882f3f7d3db2a0

            SHA1

            4b7bff07d1e35f29dce8519a85f77304275f8b57

            SHA256

            4f4712991061b558707171e1406a0f3e74c2643834b841fadbdb61e86335e63d

            SHA512

            610d40af77197980b7ad016eda66ae6329564976e459139f724fed0b5e6e82c5d700748a9fa2ddaae4e6f0eac96c8efbc98545564b065d92cb008208843a2ec6

            Download Submit

          • memory/4120-2-0x0000000010000000-0x00000000100C1000-memory.dmp

            Filesize

            772KB

            Download

          • memory/4120-11-0x0000000004810000-0x0000000004856000-memory.dmp

            Filesize

            280KB

            Download